Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/if4M_jKTD9A9s-ANYTeLfrZwF9E.roa
File:                     if4M_jKTD9A9s-ANYTeLfrZwF9E.roa (raw, json)
Hash identifier:          GgBawhnizX05WmmADNQKuEv2VcyEH7VgX4MRwy4H6jA=
Subject key identifier:   89:FE:0C:FE:32:93:0F:D0:3D:B3:E0:0D:61:37:8B:7E:B6:70:17:D1
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01869248BCFB2A7E01DF7AEF572DF508AABB
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/if4M_jKTD9A9s-ANYTeLfrZwF9E.roa
Signing time:             Mon 27 Feb 2023 09:51:25 +0000
ROA not before:           Mon 27 Feb 2023 09:51:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          86.105.144.0/22 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.45.162.0/24 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          89.40.70.0/24 maxlen: 24
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          89.45.35.0/24 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          31.14.228.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:92:48:bc:fb:2a:7e:01:df:7a:ef:57:2d:f5:08:aa:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb 27 09:51:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89fe0cfe32930fd03db3e00d61378b7eb67017d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6d:cd:0f:b4:f9:b3:be:eb:24:17:21:09:c0:
                    64:84:f8:9a:59:18:5d:54:98:3f:e6:16:45:d8:08:
                    65:6c:07:10:08:14:aa:04:51:4a:3e:5d:07:60:07:
                    23:c8:90:b1:79:a5:d4:2d:92:54:b3:8e:7d:7e:b6:
                    48:de:c6:ba:0b:71:cc:1d:ce:ce:1f:60:8d:fa:c1:
                    82:cb:2e:d3:42:1e:58:ee:6a:c6:99:f3:58:55:28:
                    ff:e9:d6:66:2c:d4:fd:2e:e5:1f:45:f6:f9:65:40:
                    92:8d:91:68:47:e7:96:cc:0a:ec:fc:0f:ad:31:4a:
                    01:2f:f3:63:86:81:67:8f:4c:e7:c0:c4:9a:bf:8b:
                    cb:e8:e8:51:5d:45:87:1b:31:48:ce:e9:ba:63:22:
                    96:c7:d2:81:14:d2:04:07:21:ab:45:25:1a:f9:d1:
                    79:d4:90:30:87:e6:ba:41:1b:f7:1b:98:92:86:86:
                    ad:c4:46:47:a1:2c:d6:0c:74:ae:5b:54:62:47:63:
                    7d:52:07:5a:98:c9:7a:b1:09:38:9f:26:cb:76:36:
                    c6:de:92:f4:71:01:39:78:95:54:22:d8:dc:1b:34:
                    bb:b8:33:01:3e:1a:c4:60:9d:d5:89:42:35:80:06:
                    41:81:02:48:ff:50:81:12:62:58:c7:d0:33:d2:da:
                    fc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:FE:0C:FE:32:93:0F:D0:3D:B3:E0:0D:61:37:8B:7E:B6:70:17:D1
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/if4M_jKTD9A9s-ANYTeLfrZwF9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.228.0/22
                  86.105.144.0/22
                  89.35.124.0/23
                  89.40.70.0/24
                  89.40.222.0/23
                  89.45.35.0/24
                  89.45.162.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  92.114.32.0/24
                  92.114.54.0/24
                  94.177.28.0/24
                  185.18.224.0/23
                  188.213.212.0/24
                  188.213.216.0/24
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:61:d9:22:22:23:f5:76:e6:8c:87:d6:02:63:15:64:11:96:
         9c:df:9c:ea:c7:6d:6d:ad:49:7a:c6:a7:ba:47:22:46:48:5b:
         29:42:0f:7e:fb:69:07:2d:7c:f5:60:56:a3:fe:64:90:c6:6b:
         5a:b9:22:cb:c1:48:33:81:e3:1f:0f:c7:79:03:d0:69:16:0c:
         99:da:a9:b4:0d:28:28:cb:10:68:c4:85:b6:a9:02:7b:18:83:
         e9:48:cb:dc:39:c1:44:df:7b:f7:5d:70:44:f7:aa:48:0b:14:
         54:4c:ef:5c:cd:be:27:29:53:6a:97:0a:98:f2:05:86:05:28:
         a7:75:bb:8c:66:69:bb:96:99:3f:dd:b5:f4:31:ca:dc:a9:45:
         ee:7a:e6:66:03:a6:f6:3a:e2:01:c0:bb:80:75:4d:a4:f9:1e:
         db:41:22:61:31:71:82:f2:53:4d:9a:f0:b4:ed:34:6b:a0:d2:
         ee:fb:82:e0:cb:be:e2:17:0f:23:43:f0:50:61:1e:e2:71:77:
         78:c0:a0:d8:1a:52:f6:96:19:f0:3c:00:46:5c:1b:fa:c4:1c:
         b0:22:13:45:f2:2f:e4:c1:d0:aa:64:e8:65:27:f9:9a:f2:f8:
         f8:5d:bd:9a:93:46:c1:4a:64:69:1f:04:1b:f5:24:4e:dd:04:
         ea:f2:38:ac
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYaSSLz7Kn4B33rvVy31CKq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwMjI3MDk1MTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWZlMGNmZTMyOTMwZmQwM2RiM2UwMGQ2MTM3OGI3ZWI2NzAxN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG3ND7T5s77rJBchCcBkhPiaWRhd
VJg/5hZF2AhlbAcQCBSqBFFKPl0HYAcjyJCxeaXULZJUs459frZI3sa6C3HMHc7O
H2CN+sGCyy7TQh5Y7mrGmfNYVSj/6dZmLNT9LuUfRfb5ZUCSjZFoR+eWzArs/A+t
MUoBL/NjhoFnj0znwMSav4vL6OhRXUWHGzFIzum6YyKWx9KBFNIEByGrRSUa+dF5
1JAwh+a6QRv3G5iShoatxEZHoSzWDHSuW1RiR2N9UgdamMl6sQk4nybLdjbG3pL0
cQE5eJVUItjcGzS7uDMBPhrEYJ3ViUI1gAZBgQJI/1CBEmJYx9Az0tr8/QIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFIn+DP4ykw/QPbPgDWE3i362cBfRMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2lmNE1faktURDlBOXMtQU5ZVGVMZnJad0Y5RS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIweQYIKwYBBQUHAQcBAf8EajBoMGYEAgABMGADBAIfDuQD
BAJWaZADBAFZI3wDBABZKEYDBAFZKN4DBABZLSMDBABZLaIDBAJZLoADBANZLugD
BABcciADBABccjYDBABesRwDBAG5EuADBAC81dQDBAC81dgDBAK81ygwDQYJKoZI
hvcNAQELBQADggEBAKFh2SIiI/V25oyH1gJjFWQRlpzfnOrHbW2tSXrGp7pHIkZI
WylCD377aQctfPVgVqP+ZJDGa1q5IsvBSDOB4x8Px3kD0GkWDJnaqbQNKCjLEGjE
hbapAnsYg+lIy9w5wUTfe/ddcET3qkgLFFRM71zNvicpU2qXCpjyBYYFKKd1u4xm
abuWmT/dtfQxytypRe565mYDpvY64gHAu4B1TaT5HttBImExcYLyU02a8LTtNGug
0u77guDLvuIXDyND8FBhHuJxd3jAoNgaUvaWGfA8AEZcG/rEHLAiE0XyL+TB0Kpk
6GUn+Zry+PhdvZqTRsFKZGkfBBv1JE7dBOryOKw=
-----END CERTIFICATE-----